Nytro

Disabling Intel AMT on Windows


Disabling Intel AMT on Windows (and a simpler CVE-2017-5689 Mitigation Guide)

2017-05-02 BY EDDIE BARCELLOS 
 

Completely and permanently (unless you re-install it) disable Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability on Windows. These are components of the Intel Management Engine firmware.

This is especially relevant since a privilege escalation issue affecting Intel ME (CVE-2017-5689) was made public on May 1st. A patch for Linux is forthcoming. This vulnerability was discovered by Embedi.

 

PS: words within ` ` are commands; copy and paste them without the ` characters.

 

1) Download the Intel Setup and Configuration Software (Intel SCS) and extract the files

2) Open up an administrator command prompt and navigate to where you extracted the files in step 1:

  • run `cd Configurator`

3) In the command prompt, run `ACUConfig.exe UnConfigure`. If you get an error, try one of the options below:

  • Unconfiguring a system in ACM without RCS integration:
    `ACUConfig.exe UnConfigure /AdminPassword <password> /Full`
  • Unconfiguring a system with RCS integration:
    `ACUConfig.exe UnConfigure /RCSaddress <RCSaddress> /Full`

4) Still in the command prompt, disable and/or remove LMS (Intel Management and Security Application Local Management Service):

  • `sc config LMS start= disabled`
  • `sc delete LMS`
  • also run `sc qc LMS`, which will either show you the path to LMS.exe or FAIL. If it shows you the path, use Explorer to delete it. If it FAILED, do not be concerned.

5) Reboot your computer.

6) Check whether a socket is still listening on the Intel ME Internet Assigned Names Authority (IANA) ports on the client: 16992, 16993, 16994, 16995, 623, and 664. You can also do this before you start, to verify that it is listening: the Intel ME listens even if the Intel AMT GUI shows Intel ME is “Unconfigured”.

  • in a command prompt (does not need to be elevated), run `netstat -na | findstr "\<16993\> \<16992\> \<16994\> \<16995\> \<623\> \<664\>"`

7) The Intel AMT GUI should now show “information unavailable on both remaining tabs” (you might have had 3 or more tabs before going through the steps above)

 


 

8) Optionally, you can now delete LMS.exe. It is usually located in “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS”. You could go further and use Add/Remove Programs to uninstall the AMT GUI, but then you will have a harder time in the future checking whether Intel AMT remains disabled.

 

Voilà, you have gotten rid of the Intel AMT components.

 

But the Intel ME co-processor is still running. Disabling the Intel Management Engine chip has long been a desired goal. If you can point to resources on disabling the Intel ME co-processor for chipsets Haswell and after, please comment below. If your computer has a chipset earlier than Haswell, you can try, at your own risk, these steps.

 

Source: https://mattermedia.com/blog/disabling-intel-amt/
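The port check from step 6, as an added example that is not part of the original guide: the `findstr` filter also matches rows where one of the ports appears only as a remote port or on a non-listening connection, so this Python sketch parses `netstat -na` output and reports only sockets bound locally on the listed ports. The function name `amt_listeners` and the sample output are constructed for illustration, and English-locale `netstat` output is assumed.

```python
import re
import subprocess

# Ports listed in step 6 of the guide.
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}

# Constructed sample of `netstat -na` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16992          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.50:16993     ESTABLISHED
  TCP    [::]:623               [::]:0                 LISTENING
  TCP    [::]:16230             [::]:0                 LISTENING
  UDP    0.0.0.0:664            *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def amt_listeners(netstat_text, ports=AMT_PORTS):
    """Return (proto, local_address) for sockets bound locally on a listed port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, local, _foreign, state = m.groups()
        # TCP rows count only when LISTENING (assumes English-locale output).
        if proto == "TCP" and state != "LISTENING":
            continue
        # rpartition handles both 0.0.0.0:16992 and [::]:16992.
        port = local.rpartition(":")[2]
        if port.isdigit() and int(port) in ports:
            hits.append((proto, local))
    return hits

if __name__ == "__main__":
    # On the Windows client, check the live table instead of the sample.
    live = subprocess.run(["netstat", "-na"], capture_output=True, text=True).stdout
    for proto, local in amt_listeners(live):
        print(f"still bound: {proto} {local}")
```

An empty result after the reboot in step 5 corresponds to the `findstr` command in step 6 printing nothing.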
